Open Bug 377438 (textfuzzer) Opened 13 years ago Updated 3 years ago

Text fuzzer

Categories: Core :: Platform Fuzzing Team, defect
People: Reporter: jruderman, Assigned: jruderman
References: Depends on 15 open bugs, Blocks 1 open bug
Details: Keywords: meta, sec-other; Whiteboard: [sg:nse meta]
Attachments: 1 file, 4 obsolete files (386 bytes, application/xhtml+xml)

roc asked me to make a fuzzer that tests Gecko's text and font code, so I made this.  It makes text nodes containing random Unicode characters, emphasizing certain characters such as ZWNJ.  The characters start out in separate text nodes, but they are combined with innerHTML and textContent.

So far (only running on Mac) it has found four bugs: 377231, 377232, 377314, 377360.

Simon, please advise me as to what characters I should test the most, what fonts to test, etc.
Attached file fuzzer-text.js (obsolete)
jshin, mscott, vlad and others are folks that have dealt with various font handling bugs in the past and might have ideas that might make interesting test cases.
Attached file fuzzer-text.xhtml
To test, toss these two files into a directory with the stuff from bug 339948, and drag fuzzer-text.xhtml to the web browser.
Depends on: 377461
Attached file fuzzer-text.js (obsolete)
* Test very large font sizes.
* Test wrapping and text-align: justify.
* Exclude '\r' to avoid bug 377461.

Mac Firefox (trunk with patch for bug 377231) survived for 10 minutes with no crashes or new assertions, and shut down without crashing.  I haven't tested other platforms.
Attachment #261500 - Attachment is obsolete: true
Attached file fuzzer-text.js (obsolete)
* Test '\r' again (since a patch is available for bug 377461).
* Test Arabic more.
Attachment #261533 - Attachment is obsolete: true
Attached file fuzzer-text.js (obsolete)
* Really test '\r' again.
Attachment #261535 - Attachment is obsolete: true
Depends on: 377522
Some more interesting chars:
German Szlig: 0x00DF
Backslash: 0x5C

A couple of chars in each of the ranges we have macros for here:
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/layout/base/nsBidiUtils.h&rev=1.11&root=/cvsroot&mark=197-244#197
I would test more combining characters, with characters from the same script and with characters from different scripts.
Depends on: 377623
Whiteboard: [sg:nse meta]
Depends on: 385414
Depends on: 385417
Depends on: 385423
Depends on: 385426
Depends on: 385719
Some of the characters on this page should be included:
http://alanwood.net/unicode/aegean_numbers.html
(it caused a crash in bug 365923)
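The comments above describe what the text fuzzer generates (random Unicode text nodes weighted toward ZWNJ, later combined through innerHTML and textContent) and which characters reviewers asked to have covered: '\r', ß (0x00DF), backslash, Arabic, combining marks, bidi ranges and the Aegean numbers block. The following is an added example sketching such a generator; it is not jruderman's fuzzer-text.js or any other attachment on this bug. The character pools, weights, font sizes and the seeded PRNG are assumptions chosen here for illustration. It runs stand-alone under Node (the DOM calls appear only in a comment) and is seeded so that any rendering crash found with it can be reproduced from the seed, which is what a QA or security engineer triaging the resulting bug needs most.

```javascript
"use strict";

// Deterministic PRNG (mulberry32) so a test case can be replayed from its seed.
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Character pools, constructed from the suggestions in this bug (weights are assumed).
const POOLS = [
  { weight: 5, chars: ["\u200C", "\u200D"] },                       // ZWNJ, ZWJ
  { weight: 3, chars: ["\u00DF", "\\", "\r", " "] },                // ß, backslash, CR, space
  { weight: 3, range: [0x0300, 0x036f] },                           // combining diacritical marks
  { weight: 3, range: [0x0600, 0x06ff] },                           // Arabic
  { weight: 2, range: [0x0590, 0x05ff] },                           // Hebrew (RTL)
  { weight: 2, chars: ["\u202A", "\u202B", "\u202C", "\u202D", "\u202E", "\u200E", "\u200F"] }, // bidi controls
  { weight: 1, range: [0x10100, 0x1013f] },                         // Aegean numbers (astral plane)
  { weight: 2, range: [0x0020, 0x007e] },                           // printable ASCII
];
const TOTAL_WEIGHT = POOLS.reduce((s, p) => s + p.weight, 0);

function pickPool(rng) {
  let r = rng() * TOTAL_WEIGHT;
  for (const p of POOLS) {
    if (r < p.weight) return p;
    r -= p.weight;
  }
  return POOLS[POOLS.length - 1];
}

function randomCodePoint(rng) {
  const p = pickPool(rng);
  if (p.chars) return p.chars[Math.floor(rng() * p.chars.length)].codePointAt(0);
  const [lo, hi] = p.range;
  return lo + Math.floor(rng() * (hi - lo + 1));
}

// Build a string of `len` code points (astral characters become surrogate pairs).
function randomText(rng, len) {
  let out = "";
  for (let i = 0; i < len; i++) out += String.fromCodePoint(randomCodePoint(rng));
  return out;
}

// Random text assigned through innerHTML must be escaped, otherwise '<' and '&'
// are parsed as markup and the case no longer tests text layout at all.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

function inPools(cp) {
  return POOLS.some((p) =>
    p.chars ? p.chars.some((c) => c.codePointAt(0) === cp) : cp >= p.range[0] && cp <= p.range[1]
  );
}

// One reproducible test case: several text pieces, the markup that puts each in its own
// span (innerHTML path, with large font sizes and justified wrapping), and the flat
// string that the same content yields when assigned via textContent.
function buildTestCase(seed, nodeCount, maxLen) {
  const rng = mulberry32(seed);
  const pieces = [];
  for (let i = 0; i < nodeCount; i++) pieces.push(randomText(rng, 1 + Math.floor(rng() * maxLen)));
  const fontSize = [8, 16, 72, 400, 2000][Math.floor(rng() * 5)]; // assumed sizes
  const html =
    `<div style="font-size:${fontSize}px; text-align:justify; width:200px">` +
    pieces.map((p) => `<span>${escapeHtml(p)}</span>`).join("") +
    "</div>";
  return { seed, pieces, text: pieces.join(""), html };
}

// In a browser harness (not run here):
//   const tc = buildTestCase(Date.now() >>> 0, 6, 20);
//   document.body.innerHTML = tc.html;            // innerHTML path
//   document.querySelector("span").textContent = tc.text; // textContent path
// Log tc.seed for every iteration so a crash can be replayed.
```

The seed is the only state needed to regenerate a failing case, so a harness should log it before each iteration rather than after; a crash in the rendering engine takes the page with it. Keeping the escaping in escapeHtml separate from the generator also makes it easy to check that the fuzzer exercises text nodes rather than accidentally creating elements.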
Depends on: 394246
Depends on: 394275
Depends on: 394384
Depends on: 394402
Depends on: 395335
Depends on: 395458
Depends on: 395651
Alias: textfuzzer
Depends on: 396321
Comment on attachment 261536 [details]
fuzzer-text.js

fuzzer-text.js has been incorporated into fuzzer-combined.js, which lives in bug 339948.
Attachment #261536 - Attachment is obsolete: true
Depends on: 397187
Depends on: 399940
Depends on: 400081
Depends on: 402307
Depends on: 403156
Depends on: 403299
Depends on: 403352
Depends on: 404204
Depends on: 404219
Depends on: 405178
Depends on: 405268
Depends on: 406675
Depends on: 410228
Depends on: 410426
Depends on: 410596
Depends on: 410967
Depends on: 413085
Depends on: 413388
Depends on: 416637
Depends on: 417109
Depends on: 419095
Depends on: 419255
Depends on: 419352
Depends on: 420785
Depends on: 420790
Depends on: 420945
Depends on: 420962
Depends on: 421393
Depends on: 421813
Depends on: 423264
Depends on: 424629
Depends on: 424631
Depends on: 426272
Depends on: 428633
Depends on: 429899
Depends on: 439206
Depends on: 450508
Depends on: 452025
Depends on: 455623
Depends on: 457375
Depends on: 460389
Depends on: 467873
Depends on: 468035
Depends on: 468546
Depends on: 470418
Depends on: 471360
Depends on: 472256
Depends on: 472776
Depends on: 477731
Depends on: 478504
Depends on: 483120
Depends on: 483346
Depends on: 487724
Depends on: 490777
Depends on: 495875
Depends on: 499844
Depends on: 505399
Depends on: 507566
Depends on: 522374
Depends on: 526375
Depends on: 532726
Depends on: 533380
Depends on: 533393
Depends on: 536242
Depends on: 537562
Depends on: 538062
Depends on: 539137
Depends on: 541277
Depends on: 541281
Depends on: 546530
Depends on: 549160
Depends on: 553761
Depends on: 563600
Depends on: 563740
Depends on: 571633
Depends on: 572582
Depends on: 572620
Depends on: 595423
Depends on: 595428
Depends on: 615475
Depends on: 633322
Depends on: 635329
Depends on: 646561
Depends on: 646983
Depends on: 647332
Depends on: 650475
Depends on: 650499
Depends on: 660416
Depends on: 663662
Depends on: 675515
Depends on: 675550
Depends on: 686190
Depends on: 691330
Depends on: 698335
Depends on: 714667
Depends on: 718331
Depends on: 722137
Depends on: 723357
Depends on: 729851
Depends on: 732696
Depends on: 734777
Depends on: 736210
Depends on: 745580
Depends on: 746489
Depends on: 761074
Depends on: 764236
Depends on: 766452
Depends on: 767279
Depends on: 788836
Depends on: 803946
Depends on: 812826
Depends on: 822723
Depends on: 822910
Depends on: 828054
Depends on: 840272
Depends on: 840787
Depends on: 840818
Depends on: 841174
Depends on: 843917
Depends on: 849603
Depends on: 849745
Depends on: 849987
Depends on: 852129
Depends on: 860378
Depends on: 866544
Depends on: 866588
Depends on: 868906
Depends on: 876831
Depends on: 880925
Depends on: 881031
Depends on: 883712
Depends on: 885608
Depends on: 887631
Depends on: 895323
Depends on: 897342
Depends on: 897887
Depends on: 898951
Depends on: 944849
Depends on: 963878
Depends on: 970710
Depends on: 975700
Depends on: 975704
Depends on: 1072106
Depends on: 1145768
Depends on: 1145934
Depends on: 1162813
Blocks: 1172704
No longer blocks: fuzz
Depends on: 1186720
Depends on: 1221904
Depends on: 1230319
Depends on: 1234418
Component: Tracking → Platform Fuzzing Team